Dynamic profile sharing using expiring tokens

ABSTRACT

Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.

FIELD OF THE INVENTION

The present disclosure generally relates to mobile electronic devices,and more particularly to sharing of information between a mobileelectronic device and other electronic devices, including via a cloudcomputing platform.

BACKGROUND

Current technology allows electronic devices, including mobile devices,to share information through various data communications protocols.These solutions are limited in that they do not provide for dynamic andcontext specific sharing of information.

BRIEF SUMMARY

Aspects of the present disclosure include a method, system, and computerprogram product for dynamically sharing a profile of a mobile device.Access may be provided to a user profile of a user device having a firstlocation, to a destination device, upon detecting that the firstlocation of the first device is within a geographic proximity of asecond location, wherein the second device and the first profile areassociated with the second location. An expiring token may be generated.The expiring token may be associated with the first profile. Theexpiring token may be communicated to the second device. Access to thefirst profile to the second device may be terminated upon an expirationof the expiring token.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 is a schematic block diagram depicting an operational environmentof a first device at a first location within a geographic proximity ofone or more additional locations, according to an aspect of the presentdisclosure;

FIG. 2 is a schematic block diagram depicting a profile associated withthe first device residing on the first device or on the cloud systemdepicted in FIG. 1, according to an aspect of the present disclosure;

FIG. 3 is a flowchart depicting functions of a program, according to anaspect of the present disclosure;

FIG. 4 is a schematic block diagram of a computer system, according toan aspect of the present disclosure;

FIG. 5 is a block diagram of an illustrative cloud computingenvironment, according to an aspect of the present disclosure; and

FIG. 6 is a block diagram of functional layers of the illustrative cloudcomputing environment of FIG. 5, according to an aspect of the presentdisclosure.

DETAILED DESCRIPTION

As will be described below, embodiments of the present disclosureprovide for dynamic, controlled, and context specific sharing of a userprofile associated with a user device, and a destination device, basedon the location of the user device and a destination location.

Referring now to FIG. 1, according to an exemplary embodiment of thepresent disclosure, a system for dynamically sharing a user profile of adevice may include a user device 104. The user device 104 may be acomputer device such as, without limitation: a smart phone, cellularphone, laptop computer, tablet computer, a computer system of a vehicle,or a device described below in connection with FIG. 4.

The user device 104 may include a user profile 250 and a program 202,embodied on a tangible storage medium thereof, as described in greaterdetail below.

Referring now to FIGS. 1 and 2, the user device 104 (FIG. 1) may includea digital user profile 250 (FIGS. 1 and 2) associated with the userdevice 104. The user profile 250 may include data associated with theuser device 104 and/or with a user or operator of the user device 104.The association may be implemented using, for example, metadata of theuser profile 250 that indicates an ID of the user device 104. The userprofile 250 associated with the user device 104 may be organized as arecord having discrete pieces of information. These may include, in oneembodiment, name, age, car insurance policy number, health insuranceinformation, etc., associated with the operator of the user device 104.

With continued reference to FIGS. 1 and 2, the user profile 250 (FIG. 1)and the information it contains may be a collection of constituent userprofiles 210 (FIG. 2) based on combinations of these discrete pieces ofinformation. Which of these combinations are used to form a constituentuser profile may be determined dynamically, for example, by the operatorof the user device 104 (FIG. 1). Alternatively, each of the constituentuser profiles 210 may include a distinct copy of the information itreferences. For example, each of two constituent user profiles 210 mayhave a distinct copy of a “name” record.

Referring now to FIG. 1, the user profile 250 and/or its constituentuser profiles 210 (FIG. 2) may also be associated with one or moredestination locations 108. The association may be implemented using, forexample, metadata of the user profile 250 that includes an ID of a givendestination location 108. Destination locations 108 are described ingreater detail, below.

The user profile 250 and/or its constituent user profiles may also beassociated with one or more destination devices 116. The association maybe implemented using, for example, metadata of the user profile 250 thatindicates an ID of the destination device(s) 116. The destinationdevices 116 are described in greater detail, below.

Information stored as part of the user profile 250, associated with theuser device 104, may be stored locally on the user device 104, forexample, on a tangible storage medium of the user device 104.Alternatively, the user profile 250 may be stored on a tangible storagemedium that is part of a Cloud system 220, described in greater detail,below. The user profile 250 may also be stored on both the user device104 and on the Cloud system 220 as distinct versions, and each versionmay be synchronized with the other, according to any synchronizationpolicy known in the art.

With continued reference to FIGS. 1 and 2, according to an aspect of thepresent disclosure, the user profile 250 may include, for example, thefollowing constituent profiles:

-   -   A Restaurant Profile 210A (FIG. 2) comprising information        related to a restaurant patron and the patron's visit to and use        of dining services at a restaurant. The patron may be, for        example, an operator of the user device 104 (FIG. 1). The        Restaurant Profile 210A may, in one embodiment, contain the        following information associated with the user device 104 and/or        the patron: name, phone number, number of people typically in        the patron's party when dining at a restaurant (for example, at        the Restaurant Location 108A), the patron's allergies, and the        user's billing information. It may further include seating        preferences, preferred menu items, and additional information.    -   A Hospital Profile 210B (FIG. 2) comprising information related        to a hospital patient and the patient's visit(s) to and receipt        of healthcare services at a hospital. The patient may be, for        example, a operator of the user device 104. The Hospital Profile        210B may, in one embodiment, contain the following information        associated with the user device 104 and/or the patient,        including: name, phone number, address, medical history        including allergies, and insurance information. Such information        may include Electronic Medical Records (EMRs). Although the        Hospital Profile 210B may share some information with another        profile, for example, the Restaurant Profile 210A, the user        device 104 maintains control over which user profile contains        what information, and thereby conveniently and automatically        regulates sharing of the information.    -   A Vehicle Rental Profile 210C (FIG. 2) comprising information        related to a vehicle renter and a visit by the renter to and use        of vehicle rental services at a vehicle rental facility. The        Vehicle Rental Profile 210C may include, in one example, the        following information associated with the renter and/or the user        device 104: Name, phone number, address, age, and insurance        information. Although the Vehicle Rental Profile 210C may share        information with other profiles associated with the user device        104, breaking down the information into individual user profiles        allows the user device 104 to regulate sharing of information.    -   A Retail Outlet Profile 210D (FIG. 2) comprising information        related to a shopper and a visit by the shopper to and use of        sales services at a retail outlet. The shopper may be, for        example, an operator of the user device 104. The Retail Outlet        Profile 210D may include, in one example, the following        information associated with the shopper and/or the user device        104: name, phone number, address, clothing measurements (e.g.,        shoe size, dress size, etc.), billing information, household        info, age, marital status, number of children, age of children,        number of vehicles owned, age of house, etc. Although the Retail        Outlet Profile 210D may share some information with other user        profiles associated with the user device 104, breaking down the        user profile 250 into individual user profiles allows for        dynamic and context-specific sharing of such information.

Referring again to FIG. 1, the user device 104 may be located at a userdevice location 106. The user device location 106 may be a geographiclocation of the user device 106, and it may be an absolute value, suchas a pair of global positioning satellite (GPS) coordinates.Alternatively, the user device location 106 may be a relative value,such as “10 feet from a second location”.

The user device location 106 may be detected in many ways, including,for example, by a monitoring system, using global positioning satellite(GPS) systems, WIFI signals, Radio Frequency Identification (RFID)systems, or any other location tracking technology that can detect thepresence of the user device 104.

With continued reference to FIG. 1, based on its user device location106, the user device 104 may have a proximity 112 to a destinationlocation 108. The destination location 108 may be a geographicallocation, and it may be a single value, such as a pair of GPScoordinates. The destination location 108 may be monitored and/ordetected in many ways, including, for example, through GPS systems, WIFIsignals, RFID systems, or any other location tracking technology thatcan detect the location of the destination location. According to anexemplary embodiment of the present disclosure, as depicted in FIG. 1, adestination location 108 may include: a Restaurant Location 108A, aHospital Location 108B, a Vehicle Rental Location 108C, and a RetailOutlet Location 108D.

The user device 104 may have a proximity (not shown) to a destinationdevice 116 where the destination device 116 is located at thedestination location 108. This may be the case where, for example, thedestination device 116 monitors and detects the proximity of the userdevice 104 to the location 116.

The destination device 116 may be a device similar to the user device104, or a different device including, for example: a smart phone, tabletcomputer, desktop computer, or other electronic device as described inconnection with FIG. 4, below.

The destination device 116 may be located at the destination location108, or it may be located at a different location. In either case, thedestination device 116 may be associated with the destination location108. The association may be, for example, by way of an ID of thedestination location 108 being included as metadata stored on a tangiblestorage medium of the destination device 116, and or a storage medium ofthe user device 104, or both.

The destination device 116 may be associated with the user profile 250,or a constituent profile 210 (FIG. 2). The association may be by way ofmetadata of the user profile 250 or a constituent profile 210 indicatingan ID of the destination device 116.

The location of the destination device 116 may be detected in many ways,including, for example, through GPS systems, WIFI signals, RFID systems,or any other location tracking technology that can detect the locationof the destination device 116.

In exemplary embodiments of the present disclosure, the destinationdevice 116A may be a reservation computer or computer system of arestaurant at the Restaurant Location 108A, a hospital patient intakesystem 116B at the Hospital Location 108B, a client reservation system116C at the Vehicle Rental Location 108B, or a customer service device116D at the Retail Outlet Location 108D. The destination device 116 neednot be located at the second location. For example, in the case of arestaurant that is geographically located at the Restaurant Location108A, the destination device may be geographically located at adifferent location.

According to an exemplary embodiment, the user profile 250 informationto which the destination device 116 gains access through the program202, described below, may be used by the destination device 116 (and/oran operator of the destination device 116) to provide information,goods, and/or services to the user device 104 (and/or to the operator ofthe user device 104). In the example of a restaurant at the RestaurantLocation 108A, the program 202 may provide access to the RestaurantProfile 210A to the destination device 116A. The destination device 106Amay obtain information stored as part the Restaurant Profile 210A, suchas credit card information, number of seats requested, etc. Theinformation obtained from the Restaurant Profile 210A may be displayedto a user of the destination device 116A (e.g., an employee of therestaurant) or may be used by the destination device 116A to takecorresponding action. The corresponding action may be, in this example,reserving a number of seats in the restaurant's reservation system,where the number of seats is equal to the number of seats requested asindicated in the Restaurant Profile 210A.

The user device 104 may have a proximity 112 to the destination location108, and/or to the destination device 116 at the destination location108. The proximity 112 may be a geographical proximity, or a temporalproximity based on the geographical proximity. The proximity may be asingle value or may be a range of values, such as one or more latitudeand longitude coordinates. The proximity may also be relative value,such as “10 feet away from” a given location.

The proximity value may be associated with one or more destinationlocations 116, and may be defined differently for each of thedestination locations 116 with which the proximity 112 value isassociated. A proximity 112 value may be associated with a particulardestination device 116, destination location 108, and/or a user profile250 or a part thereof. The proximity 112 may be defined by the userdevice 104 (e.g., through an operator of the user device 104).

An example of a temporal proximity value of the user device 104 mayinclude: 10 minutes from destination location 108. This temporalproximity may be determined, for example, by calculating an average timerequired to reach the second location from GPS coordinates of the userdevice 104 at the user device location 106 when travelling 60 miles perhour.

Illustrative examples of the proximity of the user device 104 to adestination location, as depicted in FIG. 1, include: a proximity 112Ato the Restaurant Location 108A, a proximity 112B to the HospitalLocation 108B, a proximity 112C to the Vehicle Rental Location 108B, anda proximity 112D to a Retail Outlet Location 108D.

The user device 104 and the destination device 116, which may be locatedat the destination location 108 (for example, at the Restaurant Location108A) or at a different location, may communicate via a Cloud system220, which may include, for example, a server operatively connected tothe user device 104 and to the destination device through a network. Thenetwork may include, without limitation, an internet network and/or acellular network. Additional embodiments are discussed in greater detailin connection with FIGS. 4-7, below.

In another embodiment (not shown), the user device 104 and thedestination device may communicate directly without going through aserver or the Cloud system 220, using, for example, a Bluetoothprotocol.

Each of the user device 104 and the destination device(s) 116, as wellas the user device location 106 and the destination location(s) 108, maybe monitored, tracked, or detected by a monitoring system (not shown).The monitoring device/system may include one or more monitoring devices(not shown). In one embodiment, the monitoring devices of the monitoringsystem may be integrated into the user device 104 and/or the destinationdevice(s) 116. The monitoring system may be the same as, or a part of,the Cloud system 220.

According to an exemplary embodiment, the monitoring system may be acellular network, and the user device 104 may be a smart phone. Thedestination device 116 may register an ID of the user device 104 withthe cellular network, such that each time the user device 104 isdetected by the cellular network as being within a geographic proximityof a destination location 108, the destination device 116 receives anotification (e.g., by text message) that informs the destination device116 of the user device's 104 location.

In a related embodiment, the monitoring system may be the destinationdevice 116, wherein the destination device 116 is capable of detectingthe user device 104. In one example, detection of the user device 104 bythe destination device 116 may be by way of using a Bluetooth protocol.

It will be apparent to one of ordinary skill in the art that othertracking, and monitoring systems may be used without departing from thespirit or scope of the present disclosure.

One or both of the user device 104 and/or the Cloud system 220 may alsoinclude a program 202 that provides functionality for granting access,to the profile 250 or a constituent profile (e.g., a profile 210depicted in FIG. 2) associated with the user device 104, to one or moreof the destination devices 116. Accordingly, the destination device 116may access the user profile 250 or a constituent profile 210, whenaccess to that profile is granted by the program 202.

The program 202 may also terminate the access, to the user profile 250,to the destination device 116, as described below in connection withFIG. 3.

The program 202 may detect, in step 304, that the user device 104 at theuser device location 106 is within a proximity 112 (FIG. 1) of adestination location 108 (FIG. 1), which may be a geographic location ofthe destination device, or another geographic location. The detection bythe program 202 may include, for example, receiving an indication from amonitoring system, as described above, indicating that the user device104 is with the proximity 112 of the destination location 108. Thedestination location 108 may be, for example, the Restaurant Location108A. The proximity 112 may be, for example, the proximity 112A. Theuser device location 106 and the destination location 116 may be thesame location, for example, where the user device 104 is at thedestination location 116.

The program 202 may, in step 308, provide access to a first userprofile, associated with the user device 104, to a second device. Thefirst user profile may be, for example, the user profile 250 associatedwith the user device 104, or a subset of the user profile 250, such asthe Restaurant Profile 210A. The second device may be, for example, adestination device 116. The destination device 116, as described above,may be a computer at the destination location 108, or a computerassociated with the destination location 108. The program 202 mayidentify the destination device 116 and determine if it is associatedwith any profile 210 (FIG. 2) in the user profile 250. For example, theprogram 202 may determine whether the destination device 116A at theRestaurant Location 108A is associated with a corresponding profile 210in the user profile 250. Upon determining that such a profileassociation exists, the program 202 may provide access to the identifiedprofile 210 by the destination device.

The program 202 may be a computer program embodied on a tangible storagedevice of the user device 104, or of a device that is part of the Cloudsystem 220, or both.

In a related embodiment, the program 202 may be, for example, a webservice available to the destination device 116 and/or a programthereon. The destination device 116 may access the web service byproviding identifying information of the user device 104 to the Cloudsystem 220 upon detecting the user device 104. The destination device116 may query user profile 250 information associated with the userdevice 104 (or a constituent profile, such as those depicted in FIG. 2)using an expiring token provided to the destination device via the webservice.

Referring now to FIGS. 1 and 3, according to an exemplary embodiment ofthe present disclosure, the program 202 (FIG. 1) may reside on atangible storage medium on a first device, such as the user device 104(FIG. 1) or on the Cloud system 220 (FIG. 1). In a related embodiment,the functionality of the program 202 may be distributed and/orduplicated among the user device 104 and the Cloud system 220, and/or asecond device, such as the destination device(s) 116, in communicationwith the user device 104 and/or with the Cloud system 220.

The program 202 may limit access to the user profile 250 or a partthereof by the destination device. Accordingly, in step 312, the program202 may generate an expiring token and associate the expiring token withthe profile 210 (FIG. 2) to which access is granted in step 308. Thisprofile 210 may be, for example, the Restaurant Profile 210A. Theexpiring token may be associated with the profile 210 to which access isprovided, in step 316. The expiring token may be an electronic artifactor object with a unique ID. In each instance where the destinationdevice 116 attempts to access the user profile 250 (or a constituentprofile thereof), the program 202 may require that the destinationdevice 116 provide the unique ID of the expiring token. The program 202may grant access to the user profile 250 (or a constituent part thereof)where the unique ID matches a required unique ID, and where the expiringtoken has not expired.

The expiring token may be transmitted to the destination device 116 bythe program 202. The destination device 116 may use the expiring tokento access the user profile 250 (or a part thereof to which thedestination device has access) with which the token is associated, onthe user device 104 or on the Cloud system 220, where the user profile250 is stored. The user device 104 may be pre-configured such that auser of the user device 104 is prompted to allow generation of theexpiring token upon detecting that the user device 104 is within thegeographic proximity to the location in question. This may beaccomplished using, for example, a user interface displayed to the userof the user device 104 via the program 202 or via another program.

The token may expire according to a token expiration policy of theprogram 202. The token expiration policy may be defined dynamically. Forexample, the token may be set to expire upon the user device 104 leavingthe geographic area wherein the presence of the user device 104 firsttriggers execution of the program 202, or upon the proximity of the userdevice location 106 of the user device 104 from the second locationexceeding a threshold value. This may be, for example, upon the userdevice 104 leaving the Restaurant Location 108A (e.g. a user of the userdevice 104 leaves the restaurant while carrying the user device 104),the Hospital 108B, or the Vehicle Rental Location 108B. In a relatedembodiment, the expiring token may include a timer and be set to expire(t) minutes after it is generated. The duration (t) may be dynamicallyset by the user device 104 during runtime of the program 202. The tokenexpiration policy may also be defined by a user dynamically duringruntime, and the user may opt to select expiration by time, locationchange, or both. Accordingly, upon generation, the timer of the expiringtoken may begin a countdown to zero, and may expire upon reaching zero.A user of the user device 104 may manually cause the token to expire.Other token exchange and expiration policies are possible.

Depending on the token expiration policy used, as described above, theprogram 202 may terminate access to the user profile 250 (or to aportion thereof to which access was provided) by the destination device,in step 320, such that the user profile 250 is no longer accessible bythe destination device. Additional safeguards may be implemented toensure that the information is not retained by the destination device.

In other steps (not shown), the program 202 may receive information viathe user device 104, the destination device, and/or the Cloud system220, to update the user profile 250. Such information may correspond to,for example, an experience of a user of the user device 104 while at alocation such as the Restaurant Location 108A. For example, the user ofthe user device 104 may have a new dining preference and may indicatethis new dining preference to a user of the destination device, such asan employee of the restaurant at the Restaurant Location 108A. The userof the destination device may input the new dining preference directlyor indirectly to the destination device. The destination device maycommunicate the new dining preference to the program 202 via the Cloudsystem 220 or directly to the user device 104. In a related embodiment,the new dining preference may be input into the user device 104.Updating information associated with a shared user profile need not beby way of user input. It may be done automatically. For example, if thedestination device detects that a new credit card is used to pay for ameal at the Restaurant Location 108A, the new credit card informationmay automatically be transmitted by the destination device to the userdevice 104 and/or the Cloud system 220, through, for example, theprogram 202.

Irrespective of the manner of detection and/or input and which devicereceives and/or communicates the input, the corresponding informationmay be used by the program 202 to update the user profile 250 or aconstituent profile 210 (FIG. 2) thereof.

Access to the user profile 250 by the destination device for the purposeof updating the user profile 250 may be limited in the same manner asaccess to retrieve information from the user profile 250 is limited. Inother words, while the expiring token is not expired and access is notterminated, the user profile 250 may be updated. Where an update to theuser profile 250 is initiated by or via the destination device, theprogram 202 may tentatively process the update subject to an affirmativeapproval indicated by or via the user device 104 (for example, upon theuser's approval indicated through an input to the user device 104).

Non-limiting benefits of embodiments of the present disclosure includeallowing the automated exchange of information between the user device104, which may be operated by a user, and a destination device, whichmay be operated by a second user, such as a business or service providerthat permits the business to provide a customized experience to the userin an efficient manner. This allows the user device 104 to shareinformation seamlessly via the but discretely, so that only informationthat is associated with the destination device or the second location isshared. The user of the user device 104 need not specify whichinformation to share each time the user visits the second location,because the information shared is context specific. The user device 104and/or the user can decide what information is shared in a givencontext. Accordingly, the destination device and/or a user of thedestination device will only have access to the user profile informationof the user device 104 temporarily. Not only does this allow the userdevice 104 information to be shared selectively depending on context, italso allows the destination device to access and use information that iscurrent and most useful, rather than storing information that my bestale.

Although discussions of the various embodiments of the presentdisclosure have involved using these embodiments for the purpose ofmaintaining confidentiality, such purpose does not limit the spirit orscope of the present disclosure, and other uses are expresslycontemplated.

Furthermore, although discussions of some of the embodiments above haveincluded one or more users, the functions described may be performedautomatically and do not require manual input, and may be performed inan entirely automated manner.

Referring now to FIG. 4, a computing device 1000 may include respectivesets of internal components 800 and external components 900. Each of thesets of internal components 800 includes one or more processors 820; oneor more computer-readable RAMs 822; one or more computer-readable ROMs824 on one or more buses 826; one or more operating systems 828; one ormore software applications 828 a (e.g., device driver modules) executingthe method 300; and one or more computer-readable tangible storagedevices 830. The one or more operating systems 828 and device drivermodules 840 are stored on one or more of the respectivecomputer-readable tangible storage devices 830 for execution by one ormore of the respective processors 820 via one or more of the respectiveRAMs 822 (which typically include cache memory). In the embodimentillustrated in FIG. 4, each of the computer-readable tangible storagedevices 830 is a magnetic disk storage device of an internal hard drive.Alternatively, each of the computer-readable tangible storage devices830 is a semiconductor storage device such as ROM 824, EPROM, flashmemory or any other computer-readable tangible storage device that canstore a computer program and digital information.

Each set of internal components 800 also includes a R/W drive orinterface 832 to read from and write to one or more computer-readabletangible storage devices 936 such as a thin provisioning storage device,CD-ROM, DVD, SSD, memory stick, magnetic tape, magnetic disk, opticaldisk or semiconductor storage device. The R/W drive or interface 832 maybe used to load the device driver 840 firmware, software, or microcodeto tangible storage device 936 to facilitate communication withcomponents of computing device 1000.

Each set of internal components 800 may also include network adapters(or switch port cards) or interfaces 836 such as a TCP/IP adapter cards,wireless WI-FI interface cards, or 3G or 4G wireless interface cards orother wired or wireless communication links. The operating system 828that is associated with computing device 1000, can be downloaded tocomputing device 1000 from an external computer (e.g., server) via anetwork (for example, the Internet, a local area network or wide areanetwork) and respective network adapters or interfaces 836. From thenetwork adapters (or switch port adapters) or interfaces 836 andoperating system 828 associated with computing device 1000 are loadedinto the respective hard drive 830 and network adapter 836. The networkmay comprise copper wires, optical fibers, wireless transmission,routers, firewalls, switches, gateway computers and/or edge servers.

Each of the sets of external components 900 can include a computerdisplay monitor 920, a keyboard 930, and a computer mouse 934. Externalcomponents 900 can also include touch screens, virtual keyboards, touchpads, pointing devices, and other human interface devices. Each of thesets of internal components 800 also includes device drivers 840 tointerface to computer display monitor 920, keyboard 930 and computermouse 934. The device drivers 840, R/W drive or interface 832 andnetwork adapter or interface 836 comprise hardware and software (storedin storage device 830 and/or ROM 824).

Referring now to FIG. 5, an illustrative cloud computing environment 500is depicted. As shown, the cloud computing environment 500 comprises oneor more cloud computing nodes, each of which may be a system 1000 withwhich local computing devices used by cloud consumers, such as, forexample, a personal digital assistant (PDA) or a cellular telephone500A, a desktop computer 500B, a laptop computer 500C, and/or anautomobile computer system 500N, may communicate. The nodes 1000 maycommunicate with one another. They may be grouped (not shown) physicallyor virtually, in one or more networks, such as Private, Community,Public, or Hybrid clouds as described hereinabove, or a combinationthereof. This allows the cloud computing environment 500 to offerinfrastructure, platforms and/or software as services for which a cloudconsumer does not need to maintain resources on a local computingdevice. It is understood that the types of computing devices 500A-Nshown in FIG. 5 are intended to be illustrative only and that thecomputing nodes 1000 and the cloud computing environment 500 cancommunicate with any type of computerized device over any type ofnetwork and/or network addressable connection (e.g., using a webbrowser).

Referring now to FIG. 6, a set of functional abstraction layers providedby the cloud computing environment 600 (FIG. 5) is shown. It should beunderstood in advance that the components, layers, and functions shownin FIG. 6 are intended to be illustrative only and embodiments of theinvention are not limited thereto. As depicted, the following layers andcorresponding functions are provided.

The hardware and software layer 610 includes hardware and softwarecomponents. Examples of hardware components include mainframes, in oneexample IBM® zSeries® systems; RISC (Reduced Instruction Set Computer)architecture based servers, in one example IBM pSeries® systems; IBMxSeries® systems; IBM BladeCenter® systems; storage devices; networksand networking components. Examples of software components includenetwork application server software, in one example IBM WebSphere®application server software; and database software, in one example IBMDB2® database software. (IBM, zSeries, pSeries, xSeries, BladeCenter,WebSphere, and DB2 are trademarks of International Business MachinesCorporation registered in many jurisdictions worldwide).

The virtualization layer 614 provides an abstraction layer from whichthe following examples of virtual entities may be provided: virtualservers; virtual storage; virtual networks, including virtual privatenetworks; virtual applications and operating systems; and virtualclients.

In one example, the management layer 618 may provide the functionsdescribed below. Resource provisioning provides dynamic procurement ofcomputing resources and other resources that are utilized to performtasks within the cloud computing environment. Metering and Pricingprovide cost tracking as resources are utilized within the cloudcomputing environment, and billing or invoicing for consumption of theseresources. In one example, these resources may comprise applicationsoftware licenses. Security provides identity verification for cloudconsumers and tasks, as well as protection for data and other resources.User portal provides access to the cloud computing environment forconsumers and system administrators. Service level management providescloud computing resource allocation and management such that requiredservice levels are met. Service Level Agreement (SLA) planning andfulfillment provide pre-arrangement for, and procurement of, cloudcomputing resources for which a future requirement is anticipated inaccordance with an SLA.

The workloads layer 622 provides examples of functionality for which thecloud computing environment may be utilized. Examples of workloads andfunctions which may be provided from this layer include: mapping andnavigation; software development and lifecycle management; virtualclassroom education delivery; data analytics processing; transactionprocessing; and a dynamic profile sharing component that provides thefunctionality provided by embodiments of the present disclosuredescribed in FIGS. 1-3.

While the present invention is particularly shown and described withrespect to preferred embodiments thereof, it will be understood by thoseskilled in the art that changes in forms and details may be made withoutdeparting from the spirit and scope of the present application. It istherefore intended that the present invention not be limited to theexact forms and details described and illustrated herein, but fallswithin the scope of the appended claims.

As will be appreciated by one skilled in the art, aspects of the presentinvention may be embodied as a system, method or computer programproduct. Accordingly, aspects of the present invention may take the formof an entirely hardware embodiment, an entirely software embodiment(including firmware, resident software, micro-code, etc.) or anembodiment combining software and hardware aspects that may allgenerally be referred to herein as a “module” or “system.” Furthermore,aspects of the present invention may take the form of a computer programproduct embodied in one or more computer readable medium(s) havingcomputer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may beutilized. The computer readable medium may be a computer readable signalmedium or a computer readable storage medium. A computer readablestorage medium may be, for example, but not limited to, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples (a non-exhaustive list) of the computer readablestorage medium would include the following: an electrical connectionhaving one or more wires, a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), an optical fiber,a portable compact disc read-only memory (CD-ROM), an optical storagedevice, a magnetic storage device, or any suitable combination of theforegoing. In the context of this document, a computer readable storagemedium may be any tangible medium that can contain, or store a programfor use by or in connection with an instruction execution system,apparatus, or device.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wireline, optical fiber cable, RF, etc., or any suitable combination ofthe foregoing.

Computer program code for carrying out operations for aspects of thepresent invention may be written in any combination of one or moreprogramming languages, including an object oriented programming languagesuch as Java, Smalltalk, C++ or the like and conventional proceduralprogramming languages, such as the “C” programming language or similarprogramming languages. The program code may execute entirely on theuser's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

Aspects of the present invention are described with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

While steps of the disclosed method and components of the disclosedsystems and environments have been sequentially or serially identifiedusing numbers and letters, such numbering or lettering is not anindication that such steps must be performed in the order recited, andis merely provided to facilitate clear referencing of the method'ssteps. Furthermore, steps of the method may be performed in parallel toperform their described functionality.

What is claimed is:
 1. A computer system for dynamically sharing a userprofile of a user device, comprising: a computer having a processor anda tangible storage device; a program embodied on the storage device forexecution by the processor, the program having a plurality of programinstructions, including instructions for: providing, by the user device,to a destination device, access to the user profile of the user device,upon detecting that a location of the user device is within a proximityof the destination device, wherein providing access to the user profilecomprises receiving an input from a user of the user device to selectthe user profile from among a plurality of user profiles, whereinproviding access to the user profile comprises prompting the user toallow generation of an expiring token and receiving an input from theuser indicating permission to generate the expiring token, wherein theuser profile includes at least one of electronic medical records, diningpreferences, driving records, or shopping preferences, wherein theproximity is configurable by the user device, wherein the location isdefined as a geographic area centered on a pair of latitude andlongitude coordinates; generating, by the user device, the expiringtoken comprising a unique identification code, wherein expiration of theexpiring token occurs upon detecting at least one of the proximityexceeding a threshold value or a defined time elapsing since generatingthe expiring token, wherein the defined time comprises a durationdynamically set by the user device during runtime of the method on thecomputer, and wherein the expiration of the token is further based on atoken expiration policy defined by the user device during runtime, thetoken expiration policy comprising a selection by the user device of anexpiration by time, location change, or both; associating, by the userdevice, the expiring token with the user profile; communicating, by theuser device, the expiring token to the destination device, performing,by the user device, at least one of the following: denying access to theuser profile in response to receiving a communication from thedestination device lacking the unique identification code; or updatingthe user profile in response to receiving the unique identification codeand information corresponding to the user profile from the destinationdevice; and terminating, by the user device, the access to the userprofile, provided to the destination device, upon an expiration of theexpiring token.